Amazon FSx for Windows File Server FAQs

General

Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Service Message Block (SMB) protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.

To support a wide spectrum of workloads, Amazon FSx provides high levels of throughput and IOPS, and consistent sub-millisecond latencies.

Amazon FSx is accessible from Windows, Linux, and MacOS compute instances and devices. Thousands of compute instances and devices can access a file system concurrently. Amazon FSx File Gateway provides low-latency, on-premises access to fully managed file shares in the cloud.

A file system is the primary resource in Amazon FSx. It’s where you store and access your files and folders. It is associated with a storage amount and a throughput capacity, as well as a DNS name for accessing it.

A file share is a specific folder (and its subfolders) within your file system that you make accessible to your compute instances – every file system comes with a default Windows file share, named “share” and you can create and manage as many other Windows file shares as you’d like.

To use Amazon FSx, you must have an AWS account. If you do not already have an AWS account, you can sign up for an AWS account.

Once you have created an AWS account, you can create a file system via the AWS Management Console, the AWS Command Line Interface (AWS CLI), and Amazon FSx API (and various language-specific SDKs).

By supporting the SMB protocol, Amazon FSx can connect your file system to Amazon EC2, Amazon ECS, VMware Cloud on AWS, Amazon WorkSpaces, and Amazon AppStream 2.0 instances. To ensure compatibility with your applications, Amazon FSx supports all Windows versions starting from Windows Server 2008 and Windows 7, and current versions of Linux (using the cifs-utils tool).

You can use Amazon FSx to enable persistent, shared storage for your containerized applications running on Amazon ECS. You can easily access Amazon FSx for Windows Server file systems on Amazon ECS by referencing your file systems in your task definition. Getting started instructions can be found in the Amazon ECS documentation.

From within Windows, use the “Map Network Drive” feature to map a drive letter (e.g., Z:) to a file share on your Amazon FSx file system. You can also access your file system from Linux using the cifs-utils tool to mount your file share. Once you've done this, you can work with the files and folders in your Amazon FSx file system just like you would with a local file system.

Amazon FSx is a fully-managed service, so all of the file storage infrastructure is managed for you. When you use Amazon FSx, you avoid the complexity of deploying and maintaining complex file system infrastructure.

To create, view, tag, and delete file systems and backups, you can use the AWS Management Console, the AWS command-line interface (CLI), or the Amazon FSx API (and various language-specific SDKs). To administer file systems, including managing file shares, active user sessions and open files, shadow copies, user quotas, and Data Deduplication, you can use the Amazon FSx remote management CLI via PowerShell.

If you’d like to migrate your existing files to Amazon FSx for Windows File Server file systems, we recommend the use of AWS DataSync, an online data transfer service designed to simplify, automate, and accelerate copying large amounts of data to and from AWS storage services. DataSync copies data over the internet or AWS Direct Connect. As a fully managed service, DataSync removes much of the need to modify applications, develop scripts, or manage infrastructure. For more information, see Migrating Existing Files to Amazon FSx for Windows File Server Using AWS DataSync guide.

A secondary option is Windows’s Robust File Copy (RoboCopy) to copy your files directly to Amazon FSx.

Once you have moved your file and folder data, Amazon FSx offers programmatic share management support to help you easily migrate your file share configuration. You must include security ACLs (SACLs) in your data migration to keep using your existing audit controls for file access auditing. Learn more about migrating your existing file shares in the documentation guide.

You can monitor storage capacity and file system activity using Amazon CloudWatch, monitor all Amazon FSx API calls using AWS CloudTrail, and monitor end user actions with file access auditing using Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.

Amazon FSx was designed for a broad set of use cases that require Windows shared file storage, like CRM, ERP, custom or .NET applications, home directories, data analytics, media and entertainment workflows, web serving and content management, software build environments, and Microsoft SQL Server.

High availability (HA) Microsoft SQL Server is typically deployed across multiple database nodes in a Windows Server Failover Cluster (WSFC), with each node having access to shared file storage. Amazon FSx for Windows File Server can be used as shared storage for High Availability (HA) Microsoft SQL Server deployments in two ways: as storage for active data files and as an SMB file share witness. For more information, see Using Amazon FSx with Microsoft SQL Server or read the Simplify Your Microsoft SQL Server High Availability deployments blog.

A: Please refer to the Choosing an Amazon FSx file system page for a guide on how to choose between the different Amazon FSx file storage offerings.

Yes, you can access Amazon FSx file systems from your on-premises environment using an AWS Direct Connect or AWS VPN  connection between your on-premises datacenter and your Amazon VPC. With support for AWS Direct Connect, Amazon FSx allows you to access your file system over a dedicated network connection from your on-premises environment. With support for AWS VPN, Amazon FSx allows you to access your file system from your on-premises devices over a secure and private tunnel.

Amazon FSx File Gateway optimizes on-premises access to fully managed, low-latency file shares in the cloud. By maintaining a local cache of frequently accessed data, Amazon FSx File Gateway enables faster performance and reduced data transfer cost for file-based workloads and business applications such as user shares, documents, and content management workflows.

With on-premises access, you can use Amazon FSx for hosting user shares accessible by on-premises end-users, for cloud bursting workloads to offload your application processing to the cloud, and for backup and disaster recovery solutions. For more information, see Accessing Amazon FSx from on-premises.

Yes, you can access your Amazon FSx file systems from multiple Amazon VPCs, AWS accounts, and AWS Regions using VPC Peering  connections or AWS Transit Gateway. A VPC Peering connection is a networking connection between two VPCs that enables you to route traffic between them. A transit gateway is a network transit hub that you can use to interconnect your VPCs. With VPC Peering and AWS Transit Gateway, you can even interconnect VPCs across AWS accounts and AWS Regions.

With access to your file systems via VPC Peering and Transit Gateway, you can share your file data sets across users and applications in multiple VPCs, AWS accounts, and/or AWS Regions. For more information, see Accessing Amazon FSx from multiple VPCs, accounts or regions.

Yes, with Amazon FSx, you can create and use file systems in shared Amazon Virtual Private Clouds (VPCs) from both owner accounts and participant accounts with which the VPC has been shared. VPC sharing enables you to reduce the number of VPCs that you need to create and manage, while you still benefit from using separate accounts for billing and access control.

Please refer to Regional Products and Services for details of Amazon FSx for Windows File Server service availability by region.

Yes. The Amazon FSx SLA provides for a service credit if a customer's monthly uptime percentage is below our service commitment in any billing cycle.

Scale and performance

Amazon FSx for Windows File Server provides consistent sub-millisecond latencies with SSD storage, and single-digit millisecond latencies with HDD storage for file operations. For all file systems, including those with HDD storage, Amazon FSx provides a fast (in-memory) cache on the file server, so you can get high performance and sub-millisecond latencies for actively accessed data irrespective of storage type.

File systems can deliver up to 12 GB/s and up to 350,000 IOPS for data accessed from persistent disk storage. Depending on your workload’s access patterns, you may observe even higher levels of throughput for frequently-accessed cached data by benefiting from in-memory caching on the Windows file server.

Every Amazon FSx file system has a throughput capacity that you configure when the file system is created and that you can change at any time. This throughput capacity determines the baseline and burst network speeds at which the Windows File Server hosting your file system can serve file data. When creating a file system in the Amazon FSx console, it automatically recommends a throughput capacity for you, or you can select from the available throughput capacity levels.

Each gigabyte of SSD storage includes 3 disk IOPS, and you can provision additional IOPS as-needed. For more information, please read the documentation guide.

You can run up to thousands of Amazon FSx for Windows File Server file systems in your account, with each file system having up to 64 TB of data. To unify your data from multiple file systems into one common folder structure, Amazon FSx supports the use of Microsoft’s Distributed File System (DFS) to organize shares into a single folder structure up to hundreds of PB in size.

Yes, you can increase the storage capacity, and increase or decrease the throughput capacity of your file system – while continuing to use it – at any time by clicking “Update storage" or "Update throughput” in the Amazon FSx Console, or by calling “update-file-system” in the AWS CLI/API and specifying the desired level.

Amazon FSx grows the storage capacity of your existing file system without any downtime impact to your applications and users by adding larger disks, transparently migrating your data in the background from the original disks to the new ones, and then removing the original disks from your file system – the standard process for growing storage on a Windows File Server.

When you request an update of your file system’s storage capacity, the larger, desired storage capacity becomes available within a few minutes. Afterwards, the transparent data migration process running in the background can take between a few hours and a few days depending on the amount of storage being migrated. The background migration process has minimal noticeable impact on your workload performance. You can track the progress of the data migration at any time using the Amazon FSx Console or AWS CLI/API. See the Managing Storage Capacity documentation for more information.

A: Amazon FSx updates the throughput capacity of your file system by switching out the file servers powering your file system to meet the new throughput capacity configuration. This update process typically takes a few minutes to complete. Multi-AZ file systems will experience an automatic failover and failback during this process, and single-AZ file systems will be offline for a brief period of time.

Amazon FSx supports the use of Microsoft’s Distributed File System (DFS) Namespaces to scale out performance across multiple file systems in the same namespace up to tens of GBps and millions of IOPs.

Security and compliance

Amazon FSx works with Microsoft Active Directory (AD) to integrate with your existing Windows environments. When creating a file system with Amazon FSx, you join it to your Microsoft AD -- either an AWS Managed Microsoft AD or your self-managed Microsoft AD. Your users can then use their existing AD-based user identities to authenticate themselves and access the Amazon FSx file system, and to control access to individual files and folders.

Amazon FSx provides standard Windows permissions (full support for Windows Access Controls ACLS) for files and folders.

You specify the Amazon Virtual Private Cloud (VPC) in which your file system is made accessible, and you control which resources within the VPC have access to your file system using VPC Security Groups.

You control who can administer your file system and backup resources (create, delete, etc.) using AWS IAM.

Yes. Amazon FSx for Windows File Server always encrypts your file system data and your backups at-rest using keys you manage through AWS Key Management Service (KMS). Amazon FSx encrypts data-in-transit using SMB Kerberos session keys, when you access your file system from clients that support SMB 3.0 (and higher). You can also choose to enforce in-transit encryption on all connections to your file system by limiting access to only those clients that support SMB 3.0 and higher to help meet compliance needs.

A: When creating a file system from the AWS Management Console, file access auditing is turned on by default. If you're migrating existing file data that already has audit controls (SACLs) set up, there's nothing more for you to do to take advantage of file access auditing.

You can turn on files access auditing at any time (during or after creation of a file system) via the AWS Management Console or the Amazon FSx CLI or API, and also change the destination for publishing user access events: logging to CloudWatch Logs or streaming to Kinesis Data Firehose.

You can also set up or change audit controls (i.e., which access types by which users or groups to publish audit events for) at any time for individual files and folders using Windows audit controls via Windows File Explorer or PowerShell. 

Once the events are available in the destination, you have the option to view and search the logs on the CloudWatch Console, query the logs using CloudWatch Logs Insights, archive log data, trigger Lambda functions to take reactive actions (e.g., notify security teams of unauthorized access attempts), or perform post-processing on partner solutions such as Splunk and Datadog.

AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements. Amazon FSx has been assessed to meet global and industry security standards. It complies with PCI DSS, ISO 9001, 27001, 27017, and 27018), and SOC 1, 2, and 3, in addition to being HIPAA eligible. That makes it easier for you to verify our security and meet your own obligations. For more information and resources, visit our compliance pages. You can also go to the Services in Scope by Compliance Program page to see a full list of services and certifications.

Availability and durability

To ensure high availability and durability, Amazon FSx automatically replicates your data within an Availability Zone (AZ) to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. You can also create a Multi-AZ file system, which provides redundancy across multiple AZs. Amazon FSx also takes highly durable backups (stored in S3) of your file system daily using Windows’s Volume Shadow Copy Service, and allows you to take additional backups at any point.

Single-AZ file systems are composed of a single Windows file server instance and a set of storage volumes within a single Availability Zone (AZ). With Single-AZ file systems, data is automatically replicated to protect it from the failure of a single component in most cases. Amazon FSx continuously monitors for hardware failures, and automatically recovers from failure events by replacing the failed infrastructure component.

Multi-AZ file systems are composed of a high-availability cluster of Windows file servers spread across two AZs (a preferred AZ and a standby AZ), leveraging Windows Server Failover Clustering (WSFC) technology and a set of storage volumes on each of the two AZs. Data is replicated synchronously within each individual AZ and between the two AZs. Relative to Single-AZ deployment, Multi-AZ deployments provide enhanced durability by further replicating data across AZs, and enhanced availability during planned system maintenance and unplanned service disruption by failing over automatically to the standby AZ. This allows you to continue accessing your data, and helps to protect your data against instance failure and AZ disruption.

Amazon FSx automatically performs a failover in the event of a loss of availability to the active file server. This can be caused by a failure in the active Availability Zone, or by a failure of the active file server itself. Amazon FSx will also temporarily fail over to the standby file server during planned maintenance or if throughput scaling has been initiated on the file system.

A: Amazon FSx detects and automatically recovers from failures so that you can resume file system operations as quickly as possible without administrative intervention. When failing over from one file server to another, the new active file server will automatically begin serving all file system reads and write requests. Failovers, as defined by the interval between the detection of the failure on the active and promotion of the other file server to active, typically complete within 30 seconds. Failback will occur once the file server in the preferred subnet is fully recovered (typically under 20 minutes), and also completes within 30 seconds.

Windows clients accessing Multi-AZ file systems automatically fail over and fail back with the file system, meaning that users or applications running on Windows clients automatically benefit from the enhanced availability of Multi-AZ file systems. Linux clients don’t automatically connect to the standby file server upon a failover, and will automatically resume file system operations once failback to the preferred file server is complete.

Amazon FSx performs routine software updates for the Windows Server software it manages. The maintenance window is your opportunity to control what day and time of the week this software patching occurs. Patching occurs infrequently, typically once every several weeks, and should require only a fraction of your 30-minute maintenance window.

Data protection

Beyond automatically replicating your file system's data to ensure high durability, Amazon FSx provides you with two options to further protect the data stored on your file systems: Windows shadow copies to enable your end-users to easily undo file changes and compare file versions by restoring files to previous versions, and backups to support your backup retention and compliance needs.

Amazon FSx supports file- or folder-level restores to previous versions by supporting Windows shadow copies, which are snapshots of your file system at a point in time. With shadow copies enabled, your end-users can view and restore individual files or folders from a prior snapshot with the click of a button in Windows File Explorer. Storage administrators using Amazon FSx can easily schedule shadow copies to be taken periodically using Windows PowerShell commands.

Creating regular backups for your file system is a best practice that complements the replication that Amazon FSx performs for your file system. Working with Amazon FSx backups is easy, whether it's creating backups, restoring a file system from a backup, or deleting a backup.

Amazon FSx takes daily automatic backups of your file systems, and allows you to take additional backups at any point. Amazon FSx backups are incremental, which means that only the changes after your most recent backup are saved, thus saving on backup storage costs by not duplicating data.

With Amazon FSx, backups are file-system-consistent and highly durable. To ensure file-system-consistency, Amazon FSx uses Windows’s Volume Shadow Copy Service, allowing you to restore to a point in time snapshot of your file system. To ensure high durability, Amazon FSx stores backups in Amazon S3.

The daily backup window is a 30-minute window that you specify when creating a file system. Amazon FSx takes the daily automatic backup of your file system during this window. At some point during the daily backup window, storage I/O might be suspended briefly while the backup process initializes (typically under a few seconds).

The daily backup retention period specified for your file system (7 days by default) determines the number of days your daily automatic backups are kept.

When you delete your file system, all automatic daily backups associated with the file system are deleted. Any user-initiated backups you created will remain.

You first enable Amazon FSx as a protected service in AWS Backup. You can then configure backups of your Amazon FSx resources via the AWS Backup console, API or CLI. You can create both scheduled and on-demand backups of Amazon FSx resources via AWS Backup and restore these backups as new Amazon FSx file systems. Amazon FSx file systems can be added to backup plans in the same way as other AWS resources, either by specifying the ARN or by tagging the Amazon FSx file system for protection in the backup plan. To learn more, visit the AWS Backup documentation.

You can configure your backup plans on AWS Backup to periodically create and copy backups of your Amazon FSx file systems to other AWS Regions, other AWS accounts, or both, with your desired frequency and retention policy. For cross-account backup copies, you use your AWS Organizations management account to designate source and destination accounts.

You can use AWS DataSync to schedule the periodic replication of your Amazon FSx for Windows File Server file system to a second file system. This capability is available for both same-region and cross-region replications. To learn more, see Data Transfer between AWS Storage services.

Optimizing Total Cost of Ownership (TCO)

Amazon FSx provides two types of storage – Hard Disk Drives (HDD) and Solid State Drives (SSD) – to allow you to optimize cost/performance to meet your workload needs. HDD storage is designed for a broad spectrum of workloads, including home directories, user and departmental shares, and content management systems. SSD storage is designed for the highest-performance and most latency-sensitive workloads, including databases, media processing workloads, and data analytics applications.

While you cannot change the storage type on your existing file system, you can take a backup and restore that backup to a new file system with a different storage type.

Large datasets often have redundant data. For example, with user file shares, multiple users tend to have files that are similar or identical. As another example, with software development shares, most binaries remain largely unchanged from build to build. Data Deduplication is a feature in Windows Server that reduces costs that are associated with redundant and uncompressed data by storing duplicated portions of files only once and compressing the data after deduplication. Learn more by visiting the Using Data Duplication documentation.

The storage savings you can achieve with Data Deduplication depends on the nature of your data set, including how much duplication exists across files. Typical savings average 50-60% for general-purpose file shares, with savings ranging 30-50% for user documents, and 70-80% for software development data sets.

You can enable Data Deduplication on your file system by running a single command (Enable-FSxDedup) on the Amazon FSx remote management CLI via PowerShell. Once enabled, Data Deduplication continually and automatically scans and optimizes your files in the background.

You can enable and configure user storage quotas on your file system to monitor usage and allocate storage costs to individual teams, and to impose restrictions at a user-level in order to prevent any one user from storing a lot of data.

Pricing and billing

You pay only for the resources you use. You are billed hourly for your file systems, based on their deployment type (Single-AZ or Multi-AZ), storage type (SSD or HDD), storage capacity (priced per GB-month), throughput capacity (priced per MBps-month), and your level of SSD IOPS above the default 3 IOPS that are included for every GB of SSD storage (priced per IOPS-mo). You are billed hourly for your backup storage (priced per GB-month). For pricing information, please visit the Amazon FSx pricing page.

Except as otherwise noted, our prices are exclusive of applicable taxes and duties, including VAT and applicable sales tax. For customers with a Japanese billing address, use of AWS services is subject to Japanese Consumption Tax. Learn more.

Scaling storage capacity and throughput capacity is available at no additional cost. Once storage capacity scaling is complete (typically within 1-2 minutes of you requesting a storage capacity increase), you will be billed for that storage capacity moving forward. Once throughput capacity scaling is complete (i.e., the new throughput capacity is available), you will be billed for the new throughput capacity from that point forward.